[Unit]
Description=Syncthing relay server
After=network.target

[Service]
User=syncthing-relaysrv
Group=syncthing-relaysrv
ExecStart=/usr/local/bin/syncthing-relaysrv -listen=":443"
WorkingDirectory=/var/lib/syncthing-relaysrv
ExecStartPre=/sbin/setcap 'cap_net_bind_service=+ep' '/usr/local/bin/syncthing-relaysrv'

#PrivateTmp=true
#ProtectSystem=full
#ProtectHome=true
#NoNewPrivileges=true
PermissionsStartOnly=true

[Install]
WantedBy=multi-user.target
